279 matches found

wpexploit | added 2019/02/26 12:0 a.m. | 34 views

Ultimate Membership Pro <= 7.5 - Arbitrary media upload

The ajax-upload.php endpoint doesn't check for the current user's capabilities or that they are even logged in, so we can do a few things we shouldn't be able to do: Without any credentials, you can simply POST the image file in the field ihcfile and it'll store it for you: $ curl -F...

0.6 AI score | Exploits: 0 | References: 2

OSV | added 2018/11/21 9:29 p.m. | 25 views

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/security_functions.php...

3.8 CVSS | 6.7 AI score | Exploits: 0 | References: 1

NVD | added 2018/11/21 9:29 p.m. | 11 views

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/security_functions.php...

4 CVSS | 4.2 AI score | 0.00221 EPSS | Exploits: 1 | References: 1

CVE | added 2018/11/21 9:0 p.m. | 83 views

CVE-2018-19420

In GetSimpleCMS 3.3.15, an HTML-execution vulnerability exists in the upload handling path. Although admin/upload.php blocks .html uploads, HTML can still be executed via edge cases such as files with no extension or unrecognized extensions (e.g., test or test.asdf) through the interaction with a...

4 CVSS | 4.4 AI score | 0.00221 EPSS | Exploits: 1 | References: 1 | Affected Software: 1

CVE | added 2018/11/21 9:0 p.m. | 60 views

CVE-2018-19421

CVE-2018-19421 affects GetSimpleCMS 3.3.15. The vulnerability arises in the upload handling: admin/upload-uploadify.php and the validation routine in admin/inc/security_functions.php interact with admin/upload.php, which blocks .html uploads but allows Internet Explorer to render HTML elements co...

4 CVSS | 4.5 AI score | 0.00221 EPSS | Exploits: 1 | References: 1 | Affected Software: 1

OSV | added 2018/10/31 5:29 a.m. | 10 views

CVE-2018-18867

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495...

8.6 CVSS | 7 AI score | Exploits: 0 | References: 1

NVD | added 2018/10/31 5:29 a.m. | 12 views

CVE-2018-18867

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495...

8.6 CVSS | 7.8 AI score | 0.00352 EPSS | Exploits: 1 | References: 1

Cvelist | added 2018/10/31 5:0 a.m. | 14 views

CVE-2018-18867

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495...

7.9 AI score | 0.00352 EPSS | Exploits: 1 | References: 1

Prion | added 2018/09/12 4:29 p.m. | 15 views

Design/Logic Flaw

e107web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type...

6.5 CVSS | 7.3 AI score | 0.00735 EPSS | Exploits: 1 | References: 2 | Affected Software: 1

CVE | added 2018/08/18 2:0 a.m. | 39 views

CVE-2018-15495

CVE-2018-15495 affects Responsive FileManager prior to 9.13.3. The vulnerability allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, demonstrated by file:///etc/passwd. Several connected records (OSV and related entries) note that a fix existed but ...

7.5 CVSS | 7.8 AI score | 0.00392 EPSS | Exploits: 1 | References: 2 | Affected Software: 1

CNVD | added 2018/08/07 12:0 a.m. | 2 views

Responsive FileManager Cross-Site Request Forgery Vulnerability

Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. A server-side request forgery vulnerability exists in the upload.php file in version 9.13.1 of Responsive FileManager. No details of the vulnerability are...

9.8 CVSS | 9.4 AI score | 0.90732 EPSS | Exploits: 5 | References: 1

NVD | added 2018/08/03 6:29 p.m. | 10 views

CVE-2018-14728

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter...

9.8 CVSS | 9.5 AI score | 0.90732 EPSS | Exploits: 5 | References: 2

OSV | added 2018/08/03 6:29 p.m. | 16 views

CVE-2018-14728

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter...

9.8 CVSS | 6.7 AI score | Exploits: 0 | References: 2

Cvelist | added 2018/08/03 6:0 p.m. | 11 views

CVE-2018-14728

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter...

9.5 AI score | 0.90732 EPSS | Exploits: 5 | References: 2

NVD | added 2018/07/17 2:29 a.m. | 11 views

CVE-2018-14334

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766...

9.8 CVSS | 9.7 AI score | 0.00411 EPSS | Exploits: 1 | References: 1

OSV | added 2018/05/29 7:29 a.m. | 1 views

CVE-2018-11523

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files...

9.8 CVSS | 5.8 AI score | 0.21263 EPSS | Exploits: 5 | References: 2

CVE | added 2018/05/29 7:0 a.m. | 61 views

CVE-2018-11523

CVE-2018-11523: The NUUO NVRmini 2 series (NUUO NVRmini 2, NVRsolo) is affected by a vulnerability in upload.php that enables arbitrary file upload. The issue arises from an upload mechanism that allows uploading files such as PHP scripts, enabling potential remote code execution on affected dev...

9.8 CVSS | 9.5 AI score | 0.21263 EPSS | Exploits: 5 | References: 2 | Affected Software: 1

CNVD | added 2018/05/29 12:0 a.m. | 2 views

NUUO NVRmini 2 Arbitrary File Upload Vulnerability

The NUUO NVRmini 2 is a video storage management device from NUUO USA. A security vulnerability exists in the upload.php file in the NUUO NVRmini 2. An attacker can exploit this vulnerability to upload arbitrary files, e.g., .php files...

9.8 CVSS | 7.1 AI score | 0.21263 EPSS | Exploits: 5 | References: 1

NVD | added 2018/03/18 6:29 a.m. | 10 views

CVE-2018-8766

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...

9.8 CVSS | 9.7 AI score | 0.02516 EPSS | Exploits: 1 | References: 1

Prion | added 2018/03/18 6:29 a.m. | 19 views

Design/Logic Flaw

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...

7.5 CVSS | 9.6 AI score | 0.02516 EPSS | Exploits: 1 | References: 1 | Affected Software: 1